CVE-2022-1361

CWE-89: IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION')
The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate data about other user’s accounts and devices.

Risk Information

  • CVE ID
  • CVE-2022-1361
  • Vendor
  • Cambium Networks
  • Product
  • cnMaestro
  • CVSS v3
  • 7.4